The ESARR Implementation Monitoring and Support (ESIMS) Programme was introduced in its mature form in 2005 to assess, through a formal and detailed audit process, States’ safety oversight arrangements and capabilities. It was operated in close, formal cooperation with the ICAO Universal Safety Oversight Audit Programme (IUSOAP). The ESIMS Programme came to an end in 2012 being succeeded by the EASA standardisation inspections.
ESIMS audits' results and updates thereto were published on a regular basis by the EUROCONTROL Safety Regulation Commission (SRC) within the scope of its SRC Annual Safety Reports, posted on the EUCONTROL SRC website. Examples of results published in 2010 are shown below.
In 2005, the ESIMS Programme ceased to be primarily ESARR-based and focused on all applicable ATM safety oversight regulations. More specifically, audits cover:
- Relevant legislative and institutional arrangements;
- The ATM safety regulations in place;
- Safety regulatory arrangements, including policy and principles, procedures for rulemaking, safety oversight and personnel licensing, and resources and staff competency.
On-site audits were followed by the development of a State’s Corrective Action Plan, which is incorporated into the Final Audit Report.
By 1st October 2009, twenty-eight on-site audits had been completed as follows:
NOTE: Two further audits took place by the end of 2009 (Monaco and Czech Republic). Five were scheduled for 2010 (Armenia, Greece, Italy, Ukraine, Germany). In addition, follow-up audits were also scheduled for 2009 (Malta, Hungary) and 2010 (Slovakia, Serbia) to check the implementation of corrective actions.
There is a close correspondence between the areas reviewed in an ESIMS audit and the Eight Critical Elements (CEs) of a State’s Safety Oversight System as defined in ICAO Doc 9734-Part A - The Establishment and Management of a State’s Safety Oversight System.
ICAO Model - Eight Critical Elements of a State’s Safety Oversight System
The eight critical elements provide the basis used by ICAO USOAP to audit the safety oversight capabilities of a State. ESIMS audits used a series of protocol questions covering the whole scope of the audit. Findings were raised against one or more protocol questions and each protocol question is associated with an ICAO Critical Element.
Detailed Results to October 2009
When considering the sample of 21 ESIMS audits for which the Final Audit Reports were released in 2009, the aggregated scores obtained against the ICAO model are as follows:
These scores are similar in certain respects to those included in the SRC Annual Safety Report in 2008 for a sample of 15 audits. However, although they show slight progress in Critical Element 2 (specific operating regulations), they also indicate a significant decrease in Critical Element 4 (technical personnel qualification and training), Critical Element 5 (technical guidance and tools) and Critical Element 7 (surveillance obligations).
Non-Compliances per Critical Area
A more detailed analysis of the audit findings related to each ICAO Critical Element leads to the following summary:
- CE1 (Primary Aviation Legislation) - The level of implementation remains very high. The most problematic area is the determination of sanctions for infringements of SES requirements, required in Regulation (EC) No 549/2004.
- CE2 (Specific Operating Regulations) - In this area, the situation has progressively improved as a result of the transposition of ESARRs into EC law. It is worth noting that more than 30% of all deficiencies found in this critical element related to States’ progress in the publication and implementation of regulations compliant with ESARRs 3, 4 and 5, while more than 25% of all the deficiencies found related to the States’ progress in the publication and implementation of regulations compliant with ESARR 2. In addition, 10% of the deficiencies found related to the lack of establishment of a safety baseline defining acceptable levels of safety.
- CE3 (State Aviation System and Safety Oversight Functions) - The results show that around 38% of all the non-compliances discovered in CE-3 concerned the institutional arrangements for safety oversight. A number of Member States audited had problems with identifying and establishing appropriate arrangements as regards the responsibilities, interfaces and coordination necessary for the implementation of ESARRs, with ESARR 2, ESARR 4 and the ESARR 5 provisions for engineering/technical personnel being the most problematic. Moreover, 20% of the deficiencies found, relate to institutional arrangements, and specifically safety oversight exercised by the NSA as part of the supervision of regulatory requirements applicable to the provision of ATM services to general air traffic.
- CE4 (Qualified Technical Personnel and Training) - For this critical element a year-on-year drop in the level of implementation can be observed. This is due to the greater number of States being audited after ESARR 1 became applicable and the greater number of non-conformities related to ESARR 1 requirements. More than 55% of deficiencies found in this area relate to safety oversight capabilities, and specifically personnel competency. The main difficulty for States appeared to be their ability to establish qualification criteria for oversight personnel and to adequately train such personnel. 20% of deficiencies found related to the lack of sufficient technical staff to carry out safety oversight tasks and functions and lack of sufficient clerical staff to support the technical staff.
- CE5 (Technical Guidance, Tools and Provision of Safety Critical Information) - The highest number of issues was raised as regards the lack of formal requirements for initial ATC training courses to satisfy, as a minimum, the ECAC guidelines for Common Core Content training (accounting for 40% of all deficiencies found in the critical element). 24% were related to the lack of appropriate procedures for the verification of compliance with safety regulatory requirements.
- CE6 (Licensing, Certification, Authorisation and Approval Obligations) - More than 30% of non-compliances were related to the NSAs’ processes to verify the implementation by ANSPs of the ATCOs’ on-going competency assessment. In nearly 25% of the deficiencies found in the audited States, problems were raised in relation to the safety oversight of changes, and especially the detailed process related to the review of changes. Significant problems exist as well as regards the approval of ATC unit training plans.
- CE7 (Surveillance Obligations) - In this critical element we can observe a significant drop in the overall level of compliance in comparison with the results from previous year (as in CE4 and CE5). More than 30% of the non-compliances related to a lack of on-going verification of the implementation by ANSPs of ESARRs 2-6, or their corresponding EC rules where applicable. In addition, 22% of the deficiencies found in the CE related to the inappropriate, or lack of, oversight of changes in the on-going oversight performed by the NSAs. 17% of the non-compliances referred to safety regulatory auditing issues (more especially, programmes of audits and management of audit findings).
- CE8 (Resolution of Safety Concerns) - 35% of all non-compliances were related to the lack, or inappropriate use, of the analysis of ATM safety occurrences to improve regulatory decision-making and other safety regulatory processes. Nearly 30% of the deficiencies found referred to the enforcement of safety directives as per ESARR 1 and Regulation (EC) No 1315/2007, and to implementation of appropriate enforcement measures in accordance with Article 7(7) of Regulation (EC) No 550/2004 and Article 9 of Regulation (EC) No 549/2004.
Progress on Corrective Action Plans
A key feature of the ESIMS process is the development and implementation of Corrective Action Plans (CAPs) by States. CAPs address the deficiencies revealed in the audit process, and are incorporated into the final audit report, which also includes an evaluation of their effectiveness by SRU.
The following graph is based on the reports received from 18 States previously audited under ESIMS, and shows the progress made in the implementation of corrective actions.
The reports forwarded by States are based on their self-assessment, but the ESIMS process foresees the possibility of arranging follow up audits to double-check this aspect. Nevertheless, due to resource considerations, the Programme will confine itself to scheduling a limited number of follow-up audits by selecting a sample of two or three States per year. The first two follow-up audits will take place by the end of 2009.
Pan-European Problems Detected by ESIMS
The following “Generic Findings” stemming form the ESIMS audits appear to indicate the existence of some pan-European issues requiring action at European level:
- Lack of arrangements for the safety oversight of ATFM and ASM by NSAs, notably in the case of the ATFM elements operated centrally by CFMU. As already explained in the SRC’s 2008 Annual Safety Report, this issue was raised at SRC by the Members States audited in ESIMS and various actions were taken to define an approach to this matter at European level. However, at this moment no solution has been implemented yet. This aspect becomes more relevant after the entry into force of ESARR 1 and Commission Regulation (EC) No 1315/2007 requiring the NSAs to exercise their safety oversight function also with regard to ATFM and ASM organisations.
- Problems related to the implementation of some ESARR provisions, where specific aspects complicated the transposition of ESARR into EC law (e.g. the ESARR 4 Risk Classification Scheme and ESARR 6). Nevertheless, significant improvement may follow in these areas as a result of the publication of Commission Regulation (EC) No 482/2008 transposing ESARR 6 into EC law and the current activities undertaken by the EC regarding the Risk Classification Scheme Mandate given to EUROCONTROL.
- Lack of formalisation of safety oversight arrangements regarding cross-border situations, which appears to be a constant issue across Europe.
- Poor implementation by NSAs of safety oversight of changes. This area appears to require particular attention and support to facilitate the NSAs’ new obligations as regards the acceptance of new systems and changes to existing systems.
- Lack of specification of enforcement measures for infringements to SES by certified providers as required in the relevant SES regulations.